cannot add local user to local group

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

if we try to add the local computer account 'ABC' to the local administrators
group on a Windows XP PC we receive the message " 'ABC' is already a member
of group 'Administrators', which is not the case as the user has no
administrative rights. on Windows 2000 we do not receive a similar message
but the user is not added to the appropriate group. if we check the group
memberships of user 'ABC' there are no entries.

This happens on every computer that is a member of our active directory. i
assume that this might be a problem as our active directory netbios domain
name is also 'ABC'.

Any ideas how to fix this?
 
Hello Jan,

To come more clear please post the complete domaine name. Also in a domain
you normally work not with local accounts, you work with domain user accounts,
please give some more infos why you will use local accounts and also why
they have to be local admins.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Hi,

I have a similar issue, I create a local user with a user name the same as
our domain, however once I add that user to Administrators group, the user
doesn't appear in Administrators group and the "Member of" tab is empty.
When I attempt to add this local user to Administrator group again, I get
error message that the user is already a member of group "Administrators" but
I can't see the user in that group. Is there some sort of conflict of a
local user with domain?

Thanks.
 
Hello coder_2007,

Just to clarify. One local user account "test" and one domain user "test"
? You add "test" from domain or local, to the local group "Administrators" ?
The point is, you have two totally different useraccounts with the same name.
Every user object, doesn't matter if domain account or local, has a specific
unique Security identifier (SID). So you have to check if the account is
member of the domain or the local user account.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Hi Meinolf,

Thanks for responding. The local user account is "test" and a domain name
is test, I don't know if there's a user on domain called test, I doubt if
there was one it would cause problems.

Thanks.
 
Hello coder_2007,

Talk to your SYSADMIN. He can give you more infos about the domain and maybe
he is controlling the local administrators group. Then you can't do it because
he can kick outb the local admin "test".

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Click to expand...

hi,

Looks like its a bug on windows side. It is not allowing to add a user
to administrator group with the name same as it netbios domain name.
There is no such settings present on the Domain controller side to
avoid this.
 
Hello Dkp,

You can control the Local Administrators group with the Restricted Groups
Policy. Only accounts, groups in this group will have the local administrator
rights. Even the Administrator has to be added to the group to keep his local
admin right.

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Back
Top